Zero Day Windows Exploit

Microsoft has released a Security Advisory providing information on a new zero-day attack targeting a Windows kernel component, specifically the Win32k TrueType font parsing engine. The Microsoft Security Advisory provides a summary of the issue, mitigating factors, and a list of affected software. There is currently no patch for the exploit, but Microsoft is actively working on one.

In the meantime, Microsoft has released a temporary workaround to address the issue. Here is a link to the Microsoft Support temporary workaround.

A "zero-day attack" is term used to refer to a computer threat which tries to exploit computer application vulnerabilities that do not currently have a solution. In many cases the attack coincides with the vulnerability becoming known, meaning that there are zero days between the vulnerability becoming known and the first attack.